From list-managers-owner@greatcircle.com Mon Aug 9 19:06:52 2004
X-Original-To: list-managers@greatcircle.com
Received: from www-s34d2.ununetworks.com (www-s34d2.ununetworks.com [66.36.228.29])
by mycroft.greatcircle.com (Postfix) with ESMTP id B505C32C1B8
for ; Mon, 9 Aug 2004 19:06:51 -0700 (PDT)
Received: from host81-152-223-179.range81-152.btcentralplus.com ([81.152.223.179])
by www-s34d2.ununetworks.com with asmtp (Exim 4.30; FreeBSD)
id 1BuM1m-000GN0-BN; Mon, 09 Aug 2004 22:06:14 -0400
Message-ID: <41182D99.2050308@btinternet.com>
Date: Tue, 10 Aug 2004 03:06:17 +0100
From: lee
User-Agent: Mozilla Thunderbird 0.7.2 (Windows/20040707)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Mailgust , list-managers@greatcircle.com
Subject: (off topic) Compressing and Saving to floppy
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - www-s34d2.ununetworks.com
X-AntiAbuse: Original Domain - greatcircle.com
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [26 6]
X-AntiAbuse: Sender Address Domain - btinternet.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Archive-Number: 200408/1
X-Sequence-Number: 1792
hello everyone,
Can anyone tell me how to compress a folder of files so that I can copy
it onto my pc's A (floppy) drive? I currently have 3.5" discs which can
otherwise not hold a complete folder of files.
I've already tried saving the folder(s) using WinZip or win-gz before
saving to floppy, but the overall kilobytes size seems to still be the same.
Maybe any compression only reduces the folder to say, 1 file, but there
is no way to actually reduce the size?
Any advice appreciated,
lee
--
From lee - Have a PC, broadband connection and Yahoo ID? Want to hear
my FREE selection
of five decades of hit music and modern dance? Then VISIT HERE
and click
on Lee's station
From list-managers-owner@greatcircle.com Tue Aug 10 05:33:30 2004
X-Original-To: list-managers@greatcircle.com
Received: from slate.unet.maine.edu (slate.unet.maine.edu [130.111.39.209])
by mycroft.greatcircle.com (Postfix) with ESMTP id 3C04232C1D8
for ; Tue, 10 Aug 2004 05:33:29 -0700 (PDT)
Received: from osgood.unet.maine.edu (osgood.unet.maine.edu [130.111.39.64])
by slate.unet.maine.edu (8.12.11/8.12.11) with ESMTP id i7ACXLXJ023224
for ; Tue, 10 Aug 2004 08:33:22 -0400
Received: from polaris.umpi.maine.edu (polaris.umpi.maine.edu [130.111.208.10])
by osgood.unet.maine.edu (8.11.6/8.11.6) with ESMTP id i7ACWWT30130
for ; Tue, 10 Aug 2004 08:32:32 -0400
Received: from POLARIS/SpoolDir by polaris.umpi.maine.edu (Mercury 1.48);
10 Aug 04 08:30:41 -0500
Received: from SpoolDir by POLARIS (Mercury 1.48); 10 Aug 04 08:30:29 -0500
Received: from albert (130.111.210.145) by polaris.umpi.maine.edu (Mercury 1.48) with ESMTP;
10 Aug 04 08:30:27 -0500
From: "Anthony J. Albert"
Organization: University of Maine at PI
To: list-managers@greatcircle.com
Date: Tue, 10 Aug 2004 08:30:27 -0400
MIME-Version: 1.0
Message-ID: <411887A3.24690.39796CB@localhost>
In-reply-to: <20040810020711.BF32B32C40B@mycroft.greatcircle.com>
X-mailer: Pegasus Mail for Windows (v4.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-MailScanner: Found to be clean, Not scanned: please contact your Internet E-Mail Service Provider for details
Subject: Re: (off topic) Compressing and Saving to floppy
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-From: albert@polaris.umpi.maine.edu
X-Archive-Number: 200408/2
X-Sequence-Number: 1793
>----------------------------------------------------------------------
>
>Date: Tue, 10 Aug 2004 03:06:17 +0100
>From: lee
>To: Mailgust , list-managers@greatcircle.com
>Subject: (off topic) Compressing and Saving to floppy
>Message-ID: <41182D99.2050308@btinternet.com>
>
>
>hello everyone,
>
>Can anyone tell me how to compress a folder of files so that I can copy
>it onto my pc's A (floppy) drive? I currently have 3.5" discs which can
>otherwise not hold a complete folder of files.
>
>I've already tried saving the folder(s) using WinZip or win-gz before
>saving to floppy, but the overall kilobytes size seems to still be the same.
>
>Maybe any compression only reduces the folder to say, 1 file, but there
>is no way to actually reduce the size?
>
>Any advice appreciated,
>lee
Compression will reduce the size of the agregate of files - if they are
compressible. "Random" data is likely not to compress much, and there
are several file types that approach this... .jpg .gif .mp3 among
them. Text files can sometimes compress by 50% or more, because they
are "non-random" like data.
What you need is to split or "span" the archive across multiple disks.
WinZip has this option, as does pkzip. In WinZip, check the Help file,
and look in the index for "spanning" for instructions.
Hope this helps,
Anthony Albert
===========================================================
Anthony J. Albert albert@umpi.maine.edu
Systems and Software Support Specialist Postmaster
Computer Services - University of Maine, Presque Isle
"This is only temporary, unless it works."
--- Red Green
From list-managers-owner@greatcircle.com Sun Aug 22 05:11:16 2004
X-Original-To: list-managers@greatcircle.com
Received: from smtp-vbr8.xs4all.nl (smtp-vbr8.xs4all.nl [194.109.24.28])
by mycroft.greatcircle.com (Postfix) with ESMTP id 40EFC32C486
for ; Sun, 22 Aug 2004 05:11:13 -0700 (PDT)
Received: from [62.195.90.214] (xs1.xs4all.nl [194.109.21.2])
(authenticated bits=0)
by smtp-vbr8.xs4all.nl (8.12.11/8.12.11) with ESMTP id i7MCBBcZ091289
for ; Sun, 22 Aug 2004 14:11:11 +0200 (CEST)
(envelope-from loekjehe@xs4all.nl)
Mime-Version: 1.0
X-Sender: loekjehe@localhost
Message-Id:
Date: Sun, 22 Aug 2004 14:11:08 +0200
To: list-managers@greatcircle.com
From: Loek Jehee
Subject: Automated attack on list managers?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Virus-Scanned: by XS4ALL Virus Scanner
X-Archive-Number: 200408/3
X-Sequence-Number: 1794
Dear all,
I am the moderator of a Buddhist list of over 1200 subscribers. I
frequently receive warnings that my computer is infected with some
kind of virus or worm etc. You will understand that - as an owner of
a Mac OS X computer - it is highly (!) unlikely that my computer indeed
is infected :-) There is a far bigger chance that one or more of the
computers of the subscribers is infected and generates messages out
of his/her address book that contain virus or spam or worms or
whatever.
This is a very annoying problem and I wonder if you guys also have
troubles with this. Today the problem even got worse: I noticed a
port scan attack on my computer (my SNORT system started to fire)
which persisted for over an hour. Upon sending a message to the abuse
and amin addresses of the server hosting the malignant attacker, I
received the following interesting (quick and polite) reply from the
admin of that host (Yandex.ru):
"Hello,
our security policies require any host accessing our public resources
to be portscanned to detect possibly trojaned or otherwise infected
hosts, proxies etc. That is way you're observing those access
attempts (sourced from clearly named hosts proxychecker.yandex.net).
We won't bother you anymore (unless you obtain your IP address
dynamically).
Please notice that, if you didn't access any resources in
yandex.ru/yandex.com or ya.ru domain, your computer is probably
already infected by some third party and used to send spam received
by our server, that in turned sourced the portscan in question."
You will understand that I didn't visit any of their sites recently nor
that there was any message sent to them from my computer at all.
So, it seems that they nowadays have automatic scripts (more or
less violently) attacking any IP address mentioned in spam or virus
containing messages that they receive! (I consider port scanning as
an intrusion attempt on my system and as an abusive attack).
This doesn't promise much good for us as mailing list admins....!!
Ciao!
Loek
From list-managers-owner@greatcircle.com Sun Aug 22 06:31:16 2004
X-Original-To: list-managers@greatcircle.com
Received: from grassyhill.org (grassyhill.org [208.231.0.71])
by mycroft.greatcircle.com (Postfix) with ESMTP id 1856232C308
for ; Sun, 22 Aug 2004 06:31:11 -0700 (PDT)
Received: from localhost (lyme_fw [204.60.148.242])
by grassyhill.org (8.11.0/8.11.0) with ESMTP id i7MDV8p10275
for ; Sun, 22 Aug 2004 09:31:08 -0400 (EDT)
X-Envelope-To:
Date: Sun, 22 Aug 2004 09:31:10 -0400
From: Tom Neff
To: list-managers@greatcircle.com
Subject: Re: Automated attack on list managers?
Message-ID: <1B55DD9F7F4F3DD0D7060035@[192.168.0.18]>
In-Reply-To:
References:
X-Mailer: Mulberry/3.1.6 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Archive-Number: 200408/4
X-Sequence-Number: 1795
--On Sunday, August 22, 2004 2:11 PM +0200 Loek Jehee
wrote:
> I am the moderator of a Buddhist list of over 1200 subscribers. I
> frequently receive warnings that my computer is infected with some
> kind of virus or worm etc. You will understand that - as an owner of
> a Mac OS X computer - it is highly (!) unlikely that my computer indeed
> is infected :-) There is a far bigger chance that one or more of the
> computers of the subscribers is infected and generates messages out
> of his/her address book that contain virus or spam or worms or
> whatever.
It is even more likely that most of the "warning messages" you are seeing
have nothing to do with your duties as Norbunet moderator, but are simply
worm payloads masquerading as virus warnings. In cases where you can
authenticate the origin of the warning message, it's indeed most likely
that a listmember's computer is infected.
> This is a very annoying problem and I wonder if you guys also have
> troubles with this. Today the problem even got worse: I noticed a
> port scan attack on my computer (my SNORT system started to fire)
> which persisted for over an hour. Upon sending a message to the abuse
> and amin addresses of the server hosting the malignant attacker, I
> received the following interesting (quick and polite) reply from the
> admin of that host (Yandex.ru): ...
> So, it seems that they nowadays have automatic scripts (more or
> less violently) attacking any IP address mentioned in spam or virus
> containing messages that they receive! (I consider port scanning as
> an intrusion attempt on my system and as an abusive attack).
> This doesn't promise much good for us as mailing list admins....!!
The problem with what you are saying is that spoofed virus/worm envelopes
include fake From: addresses, but (in my experience) not spoofed IP
addresses. There is no easy way for the IP address for webmail.dzogchen.ru
(a/k/a mail.dzogchen.ru, a/k/a byak.sinp.msu.ru) to appear in a Received:
header of a message received at mx1.yandex.ru unless it was actually
involved in transmitting the message.
Other possibilities are that you have recently approved a listmember (on
Norbunet or any of your other lists) who receives mail through yandex.ru
(thus causing their mailservers to see your IP address legitimately); or
that their IP verification methodology is not quite what they describe.
From list-managers-owner@greatcircle.com Sun Aug 22 08:58:45 2004
X-Original-To: list-managers@greatcircle.com
Received: from xuxa.iecc.com (xuxa.iecc.com [208.31.42.42])
by mycroft.greatcircle.com (Postfix) with ESMTP id AA02D32C181
for ; Sun, 22 Aug 2004 08:58:43 -0700 (PDT)
Received: (qmail 26870 invoked by uid 100); 22 Aug 2004 15:58:37 -0000
Date: 22 Aug 2004 15:58:37 -0000
Message-ID: <20040822155837.26869.qmail@xuxa.iecc.com>
From: John Levine
To: list-managers@greatcircle.com
Cc: tneff@grassyhill.net
Subject: Re: Automated attack on list managers?
In-Reply-To: <1B55DD9F7F4F3DD0D7060035@[192.168.0.18]>
Organization: I.E.C.C., Trumansburg NY USA
Cc:
X-Archive-Number: 200408/5
X-Sequence-Number: 1796
>It is even more likely that most of the "warning messages" you are seeing
>have nothing to do with your duties as Norbunet moderator, but are simply
>worm payloads masquerading as virus warnings. In cases where you can
>authenticate the origin of the warning message, it's indeed most likely
>that a listmember's computer is infected.
I get vast number of "you have a virus" reports and they are
invariably sent by a crudware virus filter in response to a virus with
a forged return address. All viruses now have forged return
addresses, and most virus filters are crud, so that's a lot of bogus
warnings. The most you can conclude is that someone with your list's
address in his address book probably has a virus, since address books
on the infected computers are a prime source of those forged
addresses.
Since I am a weenie, I have some mail filters here that catch the most
common warning messages and forward them back to the postmaster on the
system that sent the warning with a note telling them to turn off the
warnings since they go 100% to the wrong place. Unfortunately, most
postmasters are too dim to understand what the problem is and why it
is counterproductive to send virus warnings to people who didn't send
them viruses. So for most people, the best you can do is to treat
them like any other kind of spam, since that's what they are.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web
From list-managers-owner@greatcircle.com Sun Aug 22 09:25:45 2004
X-Original-To: list-managers@greatcircle.com
Received: from ns.lofcom.com (unknown [69.93.98.146])
by mycroft.greatcircle.com (Postfix) with ESMTP id DED3732C456
for ; Sun, 22 Aug 2004 09:25:44 -0700 (PDT)
Received: from [192.168.123.10] (wbar5.wdc2-4.16.156.115.wdc2.dsl-verizon.net [4.16.156.115])
by ns.lofcom.com (8.12.11/8.12.8) with ESMTP id i7MFSEu0016567
for ; Sun, 22 Aug 2004 11:28:14 -0400
X-Envelope-From: charlie@lofcom.com
X-Envelope-To:
X-Sender: adminmail2@oldradio.net
Message-Id:
In-Reply-To: <20040822155837.26869.qmail@xuxa.iecc.com>
References: <1B55DD9F7F4F3DD0D7060035@[192.168.0.18]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-No-Archive: yes
Date: Sun, 22 Aug 2004 12:18:38 -0400
To: list-managers@greatcircle.com
From: Charlie Summers
Subject: Re: Automated attack on list managers?
X-Archive-Number: 200408/6
X-Sequence-Number: 1797
At 11:58 AM -0400 8/22/04, John Levine is rumored to have typed:
> The most you can conclude is that someone with your list's
> address in his address book probably has a virus
...or on a cashed web page, or in an email sent to him from someone else,
or in a TXT file on his computer...
The days when viruses depended on the addressbook are long gone.
Charlie
From list-managers-owner@greatcircle.com Sun Aug 22 09:44:14 2004
X-Original-To: list-managers@greatcircle.com
Received: from mail1.panix.com (mail1.panix.com [166.84.1.72])
by mycroft.greatcircle.com (Postfix) with ESMTP id BA40E32C171
for ; Sun, 22 Aug 2004 09:44:09 -0700 (PDT)
Received: from mailspool3.panix.com (mailspool3.panix.com [166.84.1.78])
by mail1.panix.com (Postfix) with ESMTP id A764948703
for ; Sun, 22 Aug 2004 12:44:08 -0400 (EDT)
Received: from [24.13.13.212] (c-24-13-13-212.client.comcast.net [24.13.13.212])
by mailspool3.panix.com (Postfix) with ESMTP id DF25A195A3
for ; Sun, 22 Aug 2004 12:44:08 -0400 (EDT)
Message-ID: <4128CD5E.50403@panix.com>
Date: Sun, 22 Aug 2004 11:44:14 -0500
From: "David W. Tamkin"
User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.2) Gecko/20040803
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: list-managers@greatcircle.com
Subject: Re: Automated attack on list managers?
References: <20040822155837.26869.qmail@xuxa.iecc.com>
In-Reply-To: <20040822155837.26869.qmail@xuxa.iecc.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Archive-Number: 200408/7
X-Sequence-Number: 1798
John Levine wrote:
> I get vast number of "you have a virus" reports and they are
> invariably sent by a crudware virus filter in response to a virus with
> a forged return address.
Some that I get are not responses to viruses from broken filters but
rather are thinly disguised viruses themselves.
From list-managers-owner@greatcircle.com Sun Aug 22 09:51:22 2004
X-Original-To: list-managers@greatcircle.com
Received: from grassyhill.org (grassyhill.org [208.231.0.71])
by mycroft.greatcircle.com (Postfix) with ESMTP id EDEFA32C196
for ; Sun, 22 Aug 2004 09:51:20 -0700 (PDT)
Received: from localhost (lyme_fw [204.60.148.242])
by grassyhill.org (8.11.0/8.11.0) with ESMTP id i7MGpGp15381
for ; Sun, 22 Aug 2004 12:51:16 -0400 (EDT)
X-Envelope-To:
Date: Sun, 22 Aug 2004 12:51:19 -0400
From: Tom Neff
To: list-managers@greatcircle.com
Subject: Re: Automated attack on list managers?
Message-ID:
In-Reply-To: <4128CD5E.50403@panix.com>
References: <20040822155837.26869.qmail@xuxa.iecc.com>
<4128CD5E.50403@panix.com>
X-Mailer: Mulberry/3.1.3 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Archive-Number: 200408/8
X-Sequence-Number: 1799
--On Sunday, August 22, 2004 11:44 AM -0500 "David W. Tamkin"
wrote:
> John Levine wrote:
>
>> I get vast number of "you have a virus" reports and they are
>> invariably sent by a crudware virus filter in response to a virus with
>> a forged return address.
>
> Some that I get are not responses to viruses from broken filters but
> rather are thinly disguised viruses themselves.
Those are the ones I was talking about. The legitimate filter-stops are
pretty easy to trace to the mail servers of real members. We also get them
for 'content' when someone calls someone else a gol-durned polecat.
From list-managers-owner@greatcircle.com Mon Aug 23 12:16:52 2004
X-Original-To: list-managers@greatcircle.com
Received: from ultra7.eskimo.com (ultra7.eskimo.com [204.122.16.70])
by mycroft.greatcircle.com (Postfix) with ESMTP id C4CBF32C1BD
for ; Mon, 23 Aug 2004 12:16:51 -0700 (PDT)
Received: from big-dog.dogswood.com (dialport63.west.eskimo.net [67.136.147.103])
by ultra7.eskimo.com (8.12.10/8.12.10) with ESMTP id i7NJAL3J004249
for ; Mon, 23 Aug 2004 12:10:22 -0700
Received: (from jimo@localhost)
by big-dog.dogswood.com (8.11.6/8.11.6/SuSE Linux 0.5) id i7NI97w32401
for list-managers@greatcircle.com; Mon, 23 Aug 2004 11:09:07 -0700
Date: Mon, 23 Aug 2004 11:09:07 -0700
From: Jim Osborn
To: list-managers@greatcircle.com
Subject: Re: Automated attack on list managers?
Message-ID: <20040823180907.GA12545@eskimo.com>
Mail-Followup-To: list-managers@greatcircle.com
References: <1B55DD9F7F4F3DD0D7060035@[192.168.0.18]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1B55DD9F7F4F3DD0D7060035@[192.168.0.18]>
User-Agent: Mutt/1.4i
X-Archive-Number: 200408/9
X-Sequence-Number: 1800
On Sun, Aug 22, 2004 at 9:31:10AM -0400, Tom Neff wrote:
> The problem with what you are saying is that spoofed virus/worm
> envelopes include fake From: addresses, but (in my experience) not
> spoofed IP addresses. There is no easy way for the IP address for
> webmail.dzogchen.ru (a/k/a mail.dzogchen.ru, a/k/a
> byak.sinp.msu.ru) to appear in a Received: header of a message
> received at mx1.yandex.ru unless it was actually involved in
> transmitting the message.
I see a lot of spam with obviously-forged Received: headers.
I don't think you can trust any but the topmost, at least until
the mail enters your domain. I've found many of these forgeries
to be useful spam discriminators, in fact.
So, it wouldn't surprise me if virii were grabbing IP numbers from
their usual sources and stuffing them into forged Received lines.
An iplookup of the numbers in question would likely not match any
verbiage in the header, but the spam robot probably doesn't care
about accuracy. :)
FWIW,
Jim
From list-managers-owner@greatcircle.com Tue Aug 31 07:41:22 2004
X-Original-To: list-managers@greatcircle.com
Received: from www-s34d2.ununetworks.com (www-s34d2.ununetworks.com [66.36.228.29])
by mycroft.greatcircle.com (Postfix) with ESMTP id DBC2C32C15D
for ; Tue, 31 Aug 2004 07:41:17 -0700 (PDT)
Received: from tnt-2-172.easynet.co.uk ([195.40.196.172])
by www-s34d2.ununetworks.com with asmtp (Exim 4.30; FreeBSD)
id 1C29p0-000PbI-0c
for list-managers@greatcircle.com; Tue, 31 Aug 2004 10:41:18 -0400
Message-ID: <41348E19.5060008@btinternet.com>
Date: Tue, 31 Aug 2004 15:41:29 +0100
From: lee
User-Agent: Mozilla Thunderbird 0.7.3 (Windows/20040803)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: list-managers@greatcircle.com
Subject: strange spam ?
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - www-s34d2.ununetworks.com
X-AntiAbuse: Original Domain - greatcircle.com
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [26 6]
X-AntiAbuse: Sender Address Domain - btinternet.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Archive-Number: 200408/10
X-Sequence-Number: 1801
hello everyone,
Just wondering if anyone is aware of (the cause of) some spam one of my
list zubscribers is reporting;
he is often getting spam with a legitimate list message underneath it,
all inline and apparently all one email. The list messages are not
necessarily from him.
A look through the headers he's shown me does not suggest that the
spammer is zubscribed to any of my lists.
Maybe a worm or virus is active in his or another list zubscriber's pc?
He is zubscribed to other independent lists so presumably he could have
picked it up anywhere.
thanks for any thoughts,
lee
--
From lee - Have a PC, broadband connection and Yahoo ID? Want to hear
my FREE selection
of five decades of hit music and modern dance? Then VISIT HERE
and click
on Lee's station